Many people are familiar with using PPTP as the tunneling and encryption protocol. This is a fast and somewhat secure method of connecting remotely, but what if you want something more secure as far as the transfer of data and authentication? Then you have to move into higher levels of VPN — for example, L2TP. David Prowse, creator of CompTIA Network+ Video Mentor, shows you how.

In this screencast and ensuing article, I’ll show how to configure a Layer 2 Tunneling Protocol (L2TP) connection on the server side (Windows Server 2003) and client side (Windows XP Pro). The video and step-by-step article are broken into six steps:

Step 1: Install a Certificate Authority on the server.

Step 2: Configure the Certificate Authority (CA) on the server.

Step 3: Configure MS-CHAP on the client.

Step 4: Configure L2TP and IPsec on the client.

Step 5: Install a certificate on the client.

Step 6: Making the new VPN connection.

This screencast assumes that you have IIS running on the server, you know how to set up a basic VPN, and you have a VPN server running. For more information on how to set up a basic VPN, see my website. (Free registration required.)

Step 1: Install a Certificate Authority on the Server

Even if your client is already set up to make L2TP connections (see Step 4 for more), and you have a basic VPN server working, you would get a 781 error when attempting to connect. This is because your client requires an encryption certificate. The client must get that certificate from the server (or some other authority). Let’s install and configure the Certificate Authority on the Windows Server 2003 computer now so that it can dispense certificates to clients.

In the Common Name for this CA field, type test. Leave the rest of the information as-is, and click Next.

Leave the Certificate Database Settings window as-is and click Next.

A pop-up window might ask you about IIS, which needs to be stopped during the installation of the CA. Click OK. The installation of the CA will begin.

If you are asked for the CD, you can get the necessary information from X:\i386 (where X is the letter of your disc drive). This could be from the Windows Server 2003 disc, the Service Pack disc, or the Server 2003 disc with slipstreamed service pack; it depends on your setup.

NOTE

If IIS is not yet installed, Server 2003 will warn you that Certificate Services Web Enrollment Support will not work until IIS is installed. Click OK for this message and be sure to install IIS before continuing with this lab. This can be done from Add/Remove Windows Components > Application Server > Internet Information Services (IIS). IIS can be installed simultaneously with Certificate Services.

Click Finish. The Certificate Authority is now installed. You should see it within your Administrative Tools. A restart is not normally necessary, but might be a good idea, especially if you have a lot of other services running on the server.